Save the file and [[Daemons|restart the daemon]] with {{ic|systemctl restart clamd.service}}.

=== Error: No supported database files found ===

=== Error: No supported database files found ===

Revision as of 02:57, 13 August 2017

Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX. It provides a number of utilities including a flexible and scalable multi-threaded daemon, a command line scanner and advanced tool for automatic database updates. Because ClamAV's main use is on file/mail servers for Windows desktops it primarily detects Windows viruses and malware.

If you would like clamscan to remove the infected file add to the command the --remove option, or you can use --move=/dir to quarantine them.

You may also want clamscan to scan larger files. In this case, append the options --max-filesize=4000M and --max-scansize=4000M to the command. '4000M' is the largest possible value, and may be lowered as necessary.

Using the -l /path/to/file option will print the clamscan logs to a text file for locating reported infections.

Using the milter

Copy /etc/clamav/clamav-milter.conf.sample to /etc/clamav/clamav-milter.conf and adjust it to your needs. For example:

OnAccessScan

On-access scanning requires the kernel to be compiled with the fanotify kernel module (kernel >= 3.8). Check if fanotify has been enabled before enabling on-access scanning.

$ cat /proc/config.gz | gunzip | grep FANOTIFY=y

On-access scanning will scan the file while reading, writing or executing it.

First, edit the /etc/clamav/clamd.conf configuration file by adding the following to the end of the file (you can also change the individual options):

/etc/clamav/clamd.conf

# Enables on-access scan, requires clamd service running
ScanOnAccess true
# Set the mount point where to recursively perform the scan,
# this could be every path or multiple path (one line for path)
OnAccessMountPath /usr
OnAccessMountPath /home/
OnAccessExcludePath /var/log/
# Flag fanotify to block any events on monitored files to perform the scan
OnAccessPrevention false
# Perform scans on newly created, moved, or renamed files
OnAccessExtraScanning true
# Check the UID from the event of fanotify
OnAccessExcludeUID 0
# Specify an action to perform when clamav detects a malicious file
# it is possible to specify an inline command too
VirusEvent /etc/clamav/detected.zsh
# WARNING: clamd should run as root
User root

Next, create the file /etc/clamav/detected.zsh and add the following. This allows you to change/specify the debug message when a virus has been detected by clamd's on-access scanning service:

Error: No supported database files found

This happens because of mismatch between /etc/freshclam.conf setting DatabaseDirectory and /etc/clamd.conf setting DatabaseDirectory.
/etc/freshclam.conf pointing to /var/lib/clamav, but /etc/clamd.conf (default directory) pointing to /usr/share/clamav, or other directory. Edit in /etc/clamd.conf and replace with the same DatabaseDirectory like in /etc/freshclam.conf. After that clamav will start up succesfully.

Error: Can't create temporary directory

If you get the following error, along with a 'HINT' containing a UID and a GID number: